DAO Harvard Proceedings: Lawrence Lessig and Sandy Pentland Discuss Code and Law
Yes, code is law. It's just not the only law.
DAO Harvard, which took place in April 2023, was a three-day conference bringing together practitioners, policymakers, and academics to discuss research, legal, and policy considerations of DAOs. Thank you to Harvard Belfer Center’s Technology for hosting us!
The following is the first in a series of transcripts from the DAO Harvard proceedings. In it we feature Lawrence Lessig and Sandy Pentland remarking on the intersection of code and law. Lessig and Pentland were two of four speakers on Day 1’s panel titled Technology, moderated by Metagov’s executive director, Josh Tan.
Talk by Lawrence Lessig
At the start of my work as a legal academic, my main focus was on Eastern Europe during the post-Soviet period. What we thought we needed to do was to go to Eastern Europe and the former Soviet republics and give them law, give them constitutions. At that time, many American lawyers bought the idea. There were literally Americans who went, and for $800 an hour, translated the American Constitution into Albanian or into Russian and thought that that would solve all their problems, that they can just take the law and adopt it. But very quickly, what those who were more reflective recognized was that the post-Soviet didn't need law, or they didn't need legislatures. They had something called law and legislatures and presidents and courts. The problem wasn't that they didn't have those things. It was that the culture for understanding what those things were was fundamentally different.
They thought of a court as a kind of pathetic institution that bent to the will of the party in power. We increasingly think of a court like that, too, but they thought of it before we did. When they thought of a court like that, what that meant is that courts were not a source for human rights protections, because no court would stand up for an individual against the state. What we needed to do was actually change their conception, the norm, about what a court was by bringing them to a federal court in the United States and letting them watch this incredibly respectful judge being treated with respect by everybody and saying, go to hell, to the government, and not being exiled to Siberia.
It was about the culture, not about the Constitution or the law.
I hear conversations about DAOs, which has a strangely similar flavor to it. When I think about the early conversations about the internet, I feel like it's the same thing: the question is not law. The question is two very different cultures needing to operate together, the culture of technologists and the culture of lawyers. I think that the first thing we need to worry about is how to translate those cultures or how to translate understandings so that mistakes don't embarrass both sides.
I'm going to give three examples that I think will suggest the point.
First, many technologists think about the law the way they think about technology. Technology sort of sets up a bunch of affordances and restrictions. It's a kind of game, you play it out, and whatever you get, you get. That's what a game is.
This is the source of the really embarrassing inversion of my slogan, code is law. People take the slogan, code is law, and they say whatever the code gives me is the law. If I can take the DAO and play with its code and steal millions of dollars from it, I'm authorized to steal millions of dollars because the code is the law. The lesson is you've got to find a slogan to meet a slogan. So let me just modify that slogan a bit. Yes, code is law. It's just not the only law. Yes, you might have hacked the game so that you can steal the money, but standing or surrounding that code is another set of code, namely the law that says you can't steal people's money. That's just not allowed.The point is, you've got to recognize that it's not just about what you can do technically. There is instead a human force on top of it. It is going to bend it, importantly, in the direction of what a conception of “justice” is.
I'll take an example of this. Way back before any of this existed, I had a great conversation with a friend at MIT who was just beginning in crypto and thought he had solved the problem of contracting. And in his world, he had built a system where contracts were perfectly unambiguous. And he presented that to me as if this was obviously a good thing. And it took a long time for me to convince him, again, to see that lawyers actually love ambiguous contracts.
In fact, we craft contracts to be ambiguous. Why? Because there's a particular term in a contract that we know we will never come to an agreement on. But we also know there's a one in a million chance that that will ever come up. Rather than taking the deal from the get-go, because we will never come to agreement on that particular term, we make it ambiguous and hope that the one in a million thing doesn't happen. If the one in a million thing happens, then the judge will figure out what to do with that particular term. The point is, this is not, as technologists think about what technology should do, a system where we're trying to perfect and avoid every ambiguity and every incompleteness. The law is there often for good reason. This is not a bug. This is a feature for good reason. We are building ambiguity in the system. Unless you begin to think about that possibility, it's going to be difficult.
The other point I think is most important is that technologists sometimes think that if I can prove it in the law, I can do it. What they don't realize is that the law, especially judges, will bend the law in the direction of what they think justice or right requires. What that means is that you've got to have a good argument in justice for what you're arguing for. We saw this mistake early in the history of the internet when a lot of technologists came along with cool ways to exploit copyright. They were technically legal under the Copyright Act, but actually were affecting massive transfers of wealth from copyright owners to technologists. When the courts thought through the technical legal argument that was being deployed, they were saying, I get that, but screw that, you're guilty, and we're going to take all your money from your corporation. MP3.com is the great example there. We're going to take all your money in punitive damages because you're really just trying to screw the copyright owner. The technologist's response of, “well, wait, I've complied with all the rules” was irrelevant because the law doesn't care about you complying with all the rules.
The law cares about justice. What has to happen in the context of DAOs is you need to begin to build clear use cases that will convince non-technical sorts that this is a really valuable thing that's got to be sustained and allowed in society. Your problem, especially in America, is that DAOs are associated with the crypto noise. The conception of DAOs is “this is how we enable the SBFs of the world to screw everybody else in the world”. Until you can begin to build clear alternative use cases where even a judge leans back and says, yeah, it's really important that we make sure this exists in the world, you're going to find the law destroying everything you're trying to build. Because law has no patience for technicalities. It has no patience for code. It has no patience for logical consistency. It's not constrained by any of those things. It will do what power drives it to do. When power seems to be on the other side, they call that justice.
Talk by Sandy Pentland
I’m a professor at MIT and I also sponsor a thing called law.mit.edu, The Computational Law Review, which is a place for young lawyers to have these discussions. We have an issue up at the moment that is compositional law. There's another one coming. You might be interested, because it's very relevant to this. One of my guys, Dazza Greenwood, was really central in doing the Wyoming DAO Law. That law from my perspective is typical of our attitude towards DAOs, which I think is resonant with the industry, is that we cannot have completely autonomous value production. There is a person who has fiduciary responsibility and the ability under certain conditions to modify the rules of the DAO, and what you've got is really a power assist LLC. This idea makes sense. Having things happen automatically with everybody in agreement and human oversight is not so controversial. It's got its problems, perhaps. We examine these kinds of issues at the Computational Law Review.
Switzerland set up a thing called Swiss Trust Chain, which has little automatic bits of code that you could call micro-DAOs, or maybe smart contracts for things like intellectual property rights, payments, etc. I think that while there's a lot of emphasis on the crypto bros, (they're called bros now, but they are boys, not bros), you need to understand that Swift, the ones that move $5 trillion a day around the world, are now beginning to deploy tokenized systems. These tokenized systems have code that makes sure that things are legal, that there's right of order, that there's resolution. That looks an awful lot like what we're talking about here. But on the scale of $5 trillion a day? This notion of modesty is, I think, maybe pretty resonant with what Lawrence said.
Look, we don't know how to regulate this stuff. We don't know what's going to work, what's going to be just. But there are a couple of basic principles. We laid out some of this in a little article called Legal Dynamism with Robert Mahari, published in the Network Law Review. The idea is that this notion of fiduciary responsibility needs to be maintained. However, three other things need to happen.
One is, it's pretty easy to keep an audit trail. It's not expensive. You can keep copies of all the things you did in a form that then lets you ask questions, such as how does this intersect with sensitive categories? It's not an expensive, complicated thing to do. There are lots of little things you can start doing. Since we don't yet know how to allow DAOs to exist, and it's difficult to figure out where the industry is going to go, we can keep track of it all the time. Not just quarterly reviews, all the time.
Along with this audit trail, what you need to have is continuous proof of compliance. There are things like zero knowledge proofs. We've done network versions of this, where you can show that the transactions being conducted are compliant with a set of rules. You know that they're following the rules, and it doesn't release the data. It's efficient, it's not even expensive. We ought to be doing it for AI, and we ought to be doing it for DAOs. Maybe we should do it for existing corporations, too. Wouldn't that be interesting?
Along with this, you also need to have very clear liability. If you watch something and think it might be bad, you have to know who to talk to fix it. Who is going to be the one who has to respond? That piece of work is legal work. Thinking about liability will give people incentive to pay attention to what they're doing. You need to think about what you're doing, how it's going to affect the world. You need to keep track of it, so that you know you're doing good, so that you actually have a defense in case someone sues you or accuses you of something. You need to manage the risk of what you're doing, and you do that by keeping track of it. It's not a huge overhead. It can be the sort of thing where you're just keeping logs of what you're doing. It might add 5% to your computer bill, but it's not a huge thing. People like Dazza do amazing things like that already for their internal fraud purposes. These are the ways we can do this.
